12-18-2003, 11:55 PM
|
|
Web Hosting Master
|
|
Join Date: Feb 2001
Posts: 617
|
|
<2.4.23 kernel warning!
Linux Kernel do_brk() Vulnerablility
Highly recommend to upgrade to v2.4.23 (I tested exploit code on my own server  )
http://www.securiteam.com/unixfocus/6R0012095O.html
__________________
Alex
|
12-19-2003, 12:08 AM
|
|
Web Hosting Guru
|
|
Join Date: Apr 2003
Posts: 267
|
|
But i dont know which version kernel in my box !! how to know which version then ?
|
12-19-2003, 12:14 AM
|
|
Web Hosting Master
|
|
Join Date: Feb 2001
Posts: 617
|
|
__________________
Alex
|
12-19-2003, 12:58 AM
|
|
iNET Interactive
|
|
Join Date: May 2001
Location: Dayton, Ohio
Posts: 4,870
|
|
__________________
-Mat
|
12-19-2003, 01:20 AM
|
|
Web Hosting Master
|
|
Join Date: May 2003
Location: Philadelphia
Posts: 968
|
|
Or they are already owned  The exploits are very readily available and I'm sure many people have script kiddie wannabe's as clients
__________________
http://www.eBoundary.com - Let us help you expand your eBoundaries!
Fast, Secure and reliable FreeBSD shared, reseller and dedicated hosting.
FREE Peace of mind with every account!
|
12-19-2003, 01:53 AM
|
|
Retired Moderator
|
|
Join Date: Jan 2003
Posts: 9,002
|
|
I upgraded it weeks ago. On the 1st of December of so.
|
12-19-2003, 03:25 AM
|
|
Disabled
|
|
Join Date: Dec 2002
Location: chica go go
Posts: 11,858
|
|
doesn't work on redhat 9 machines, i tested it on my own machine running 2.4.20-24.9 and another machine running 2.4.20-20.9smp and each of them compiled correctly, but do not execute due to a segmentation fault .
|
12-19-2003, 03:36 AM
|
|
Retired Moderator
|
|
Join Date: Jan 2003
Posts: 9,002
|
|
That's because 2.4.20.24.9 is the patched version that Redhat released.
|
12-19-2003, 05:39 AM
|
|
iNET Interactive
|
|
Join Date: May 2001
Location: Dayton, Ohio
Posts: 4,870
|
|
And yes it does work on an unpatched RH9 server.. Happened to have to recover one that was with that very exploit.. The c source was interesting..
__________________
-Mat
|
12-19-2003, 06:12 AM
|
|
Web Hosting Guru
|
|
Join Date: Apr 2003
Posts: 267
|
|
I'v read a lot of "how to" kernel update and really want to do it myself but it look danrgous and i ..scare 
|
12-19-2003, 06:26 AM
|
|
Junior Guru Wannabe
|
|
Join Date: Aug 2003
Location: Mars
Posts: 86
|
|
blackmoont, You can always try rpm version's of kernel. If you use redhat then you can use up2date to upgrade your kernel automatically..
__________________
./HaShoo
|
12-19-2003, 07:08 AM
|
|
Web Hosting Guru
|
|
Join Date: Apr 2003
Posts: 267
|
|
Yes , i am using redhat 9 but are there anything risk if i use up2date ?
|
12-19-2003, 07:17 AM
|
|
Web Hosting Master
|
|
Join Date: Feb 2003
Location: Detroit
Posts: 795
|
|
Quote:
|
Yes , i am using redhat 9 but are there anything risk if i use up2date ?
|
Only if you compiled any modules against the kernel. It's more common in a desktop situation than a production server, but if you have any customizations to the kernel then you may have issues.
If you installed default redhat, and it worked, then your fine. If your on a hosted platform, hopefully your hosting company isn't stupid enough to put you on hardware that requires custom builds.
|
12-19-2003, 07:44 AM
|
|
Web Hosting Guru
|
|
Join Date: Apr 2003
Posts: 267
|
|
My server place at American Datacenter . I am using RedHat 9 and apache compliled with phpsuexec , cpanel . That's all . Anything dangrous if i run up2date ? Pls give me some comment and let me have enough brave to update kernel myself . .
|
12-19-2003, 07:45 AM
|
|
Web Hosting Guru
|
|
Join Date: Apr 2003
Posts: 267
|
|
argg, i have about 300 hosting account in my 2 server , so if i do something wrong , my neck will be cut off 
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
| Postbit Selector |
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
|
| Login: |
|
|
| Advertisement: |
|
|
| Web Hosting News: |
|
|
|
